GMERA 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (24)

言語

en	12
zh	6
ru	4
de	2

国・地域

us	12
wf	4
ag	2
ir	2
be	2

アクター

GMERA	3
Cobalt Strike	2
Patchwork	1
Redaman	1
Dragonfly	1

関心

タイプ

Not Defined	4
Document Reader Software	4
SCADA Software	4
Web Server	4
Content Management System	2

ベンダー

Adobe	4
Siemens	4
Intellian	2
Monstra	2
Cisco	2

製品

Adobe Acrobat Reader	4
Siemens SIMATIC S7-1500	4
Intellian Aptus Web	2
Siemens SIMATIC ET 200SP	2
Monstra CMS	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Siemens LOGO 8 BM TCP Packet メモリ破損	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00168	0.00	CVE-2022-36361
2	Cisco ASA/Firepower Threat Defense Web Services Interface 特権昇格	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97508	0.03	CVE-2020-3452
3	Cisco ASA/Firepower Threat Defense Web Services Interface 情報の漏洩	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01928	0.04	CVE-2020-3259
4	Siemens SIMATIC ET 200SP/SIMATIC S7-1500 Web Server サービス拒否	4.3	4.3	$0-$5k	$5k-$25k	Not Defined	Not Defined	0.00105	0.00	CVE-2020-15796
5	Siemens SIMATIC S7-1500 サービス拒否	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00124	0.04	CVE-2019-19281
6	Siemens LOGO!8 BM Service Port 135 弱い認証	8.2	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00131	0.03	CVE-2020-7589
7	Microsoft IIS IP/Domain Restriction 特権昇格	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.47	CVE-2014-4078
8	Apache HTTP Server ap_get_basic_auth_pw 弱い認証	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01399	0.04	CVE-2017-3167
9	Linux Kernel Filesystem Layer メモリ破損	8.8	7.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00189	0.03	CVE-2021-33909
10	Intellian Aptus Web 弱い認証	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00659	0.08	CVE-2020-8000
11	Palo Alto PAN-OS GlobalProtect Portal 特権昇格	8.1	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.66700	0.02	CVE-2020-2034
12	Plesk Onyx Reflected クロスサイトスクリプティング	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.02	CVE-2020-11584
13	ProMinent MultiFLEX M10a Controller Web Interface 情報の漏洩	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00059	0.04	CVE-2017-14009
14	Sitecore CMS/XP Sitecore.Security.AntiCSRF 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01277	0.03	CVE-2019-9874
15	Vesta Control Panel index.php file_put_contents Reflected クロスサイトスクリプティング	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00103	0.00	CVE-2018-10686
16	Monstra CMS ZIP File 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00345	0.03	CVE-2018-9037
17	Adobe Acrobat Reader 特権昇格	7.5	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01601	0.00	CVE-2017-16379
18	Adobe Acrobat Reader メモリ破損	7.5	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01143	0.00	CVE-2017-3113
19	Adobe Acrobat Reader メモリ破損	7.5	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02127	0.00	CVE-2017-16368
20	Microsoft Windows SMB 特権昇格	7.7	7.1	$25k-$100k	$0-$5k	High	Official Fix	0.97116	0.02	CVE-2017-0146

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	85.209.88.123	vm1887998.31ssd.had.wf	GMERA	2021年05月31日	verified	高
2	XX.XXX.XXX.XX		Xxxxx	2021年05月31日	verified	高
3	XXX.XX.XXX.XX		Xxxxx	2021年05月31日	verified	高
4	XXX.XX.XXX.X	xxxxxx.xxx.xx	Xxxxx	2021年05月31日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CWE-79	Cross Site Scripting	predictive	高
2	T1068	CWE-264, CWE-269	Execution with Unnecessary Privileges	predictive	高
3	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	view/file/index.php	predictive	高
2	Argument	$_REQUEST['path']	predictive	高
3	Argument	__xxxxxxxxx	predictive	中
4	Input Value	xxxxxxxx	predictive	中
5	Network Port	xxx/xxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!